This prevents a country from forcing somebody like Microsoft or Apple to give up their source code for "inspection" in order to access their market. It also helps to prevent States from demanding and acquiring encryption or other private keys (there's a separate section that also explicitly forbids mandating backdoors be added).
Not everything in the TPP is bad.
Imagine for a second that the US gets tough on GPL violators, and says "well, if you want to sell android devices in the US, you have to produce the GPL source code".
Or something even simpler, along the lines of "products marketed in the US must comply with all licensing obligations of software that it contains".
This one actually happens behind the scenes sometimes right now, though you don't see it.
I believe they would not be allowed to do that under this provision.
It clearly falls into:"1. No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
3 is no exception:
"3. Nothing in this Article shall preclude:
(a) the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts;"
The GPL and other open source licenses are arguably not commercially negotiated contracts.
So yeah, it doesn't stop private citizens or parties from doing whatever they want.
It may stop you from being able to create laws and enforce them at import/export time around actually complying with OSS licenses.
Which is really not great, since it in practice means free reign.
You will never get state supported companies in their own countries to comply with licenses. Generally, your only course of action is to try to enforce elsewhere, or ban import/export.
Here, in the case of the US, you will not be allowed to ban import unless all of that open source software is completely US written.
(since the provision limits requiring "source code of software owned by a person of another Party". Of course, what it means by "software owned by a person of another Party" is also up in the air, since most open source software has many copyright owners , so does it mean complete ownership, partial ownership, or what?)
This is the key issue. It seems like a copyright license to code under GPL would be commercial, in the sense that the parties are exchanging a license for the recipient undertaking the GPL obligations. Whether it's "negotiated" seems like a more difficult question.
One interpretive guide could be to look to the reason for the provision. I suspect the purpose was to allow for source-code escrow agreements in things like enterprise software deals. It would be odd for the enforceability of those provisions to turn on the degree to which the parties "negotiated," so I suspect this will be a low bar.
Rather, I suspect the term "negotiated" is intended to block end-runs around the default rule. Otherwise, governments could obligate copyright holders to burden their code with GPL-like code, e.g., a reg saying you can only provide voting machines if they are based on a modified version of the Linux kernel.
So I think GPL source-code disclosure obligations remain enforceable, absent coercive acts by a government to force parties to undertake those obligations. But this is really speculative.
If the TPP does not impose the same restrictions on contracts between private parties, that is not a benign thing. Private parties includes corporations, and most contests between legal corporations and "individual natural persons" eventually are settled in the interest of the party with more resources, often the legal corporation. Such challenges may play out in the markets or the courts, or it may play out over an even longer period in the legislature by changing the laws regulating or guiding the markets and courts. Thus, hamstringing the State's ability to have laws counter to this section of the TPP actually saves an entity the time and money which might otherwise have been needed to lobby a State's legislative bodies or develop the legal framework by way of a legal process. It fixes the playing field in favor of non State actors. Currently the most powerful non State actors are for profit corporations and privately held companies. This section of the TPP is not at all neutral, if understood to apply only to States. It would then heavily favor corporations and companies, and it would limit State actors and thus their populations. It would favor entities driven by profit motive or the motives of whomever the individuals are that own said private companies. That. Is. Huge. That is a fundamental shift in how, say someone like an American like me, many people might want to govern the communities they are a part of.
In order to distribute software for which you do not own the copyright, you need to have a license. If you do not agree to the license, then it doesn't even get to the stage we are talking about. You can't distribute it anywhere (under international copyright law). If you agree to distribute the source code in order to get a license, then you have agreed to do that. Is that not what is meant by a commercially negotiated contract? There is consideration on both sides (one party gets to use the software, the other party ensures that the source code is available to users of the software).
Either way, I think this wording is terrible and it worries me greatly. However, my layman's view seems to fall on the side of the GPL being OK. I would be grateful for explanations on what I may have misunderstood.
There are two problems.
First, this violation is remedied by an action. Normally, that action for an order to comply with the license (not just "stop using it and pay damages").
There is a question whether a court would legally be able to order such a thing anymore.
B. As you have identified, "Is that not what is meant by a commercially negotiated contract? "
Generally, a commercially negotiated contract is a contract explicitly negotiated between two parties.
If i have received GPL software, i have not negotiated a contract with the author or anyone else.
In every case, the use of the license (and subsequent release of the source code) is a choice. Of course, without choosing to follow the license, you can't distribute the software. As far as I understand, this is by design and the reason why the GPL is so robust.
I also think this is a negotiated license because the GPL specifically says that you don't have to accept it. It is a written offer for a license. Sometimes, if you contact the copyright holder you can get a different license. Usually now. Just because the offer is made to everybody, doesn't mean it is not a negotiation (I don't think... but that's probably where knowledge of the law would come in handy ;-) ).
What does it matter that a state cannot compel a corporation to reveal its source code as a condition of distribution? The key is that the recipient of the distribution cannot make use of it without a license, pursuant to international copyright law and treaties. And you can indeed sue them for infringing on this, under copyright law, can you not? As a condition of use, they must also OFFER TO distribute the source code of any derivatives.
No one is forcing the actual distribution of the source code of derivatives. But if this distribution does not happen, the recipient CAN be sued for copyright infringement, lacking a license, no?
In your opinion how does this affect the ability of governments to pass laws requiring them to use only free and open source software? I think this is incredibly important not only for software freedom but for a properly functioning free society in general (think of voting, financial accounting and digital currencies, etc). Would such use be considered "critical infrastructure" or does this provision preclude passing such laws?
The treaty specifically states a party cannot compel the owner to reveal the source code. Arguably someone violating the GPL or similar license is not the actual owner of the code.
"1. No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
It does not say no party can compel an owner, it says no party can compel access to the source code owned by person of another party. That is not "no party can compel the owner" it's "no party can compel access to source code that meets certain conditions".
Period. There is no "nobody can compel the owner" part in there that i see.
The only reference to ownership is around a pre-req to compulsion. IE if you break it down, it says:
"unless the software that meets the following conditions, you can't compel access to code
A. It's owned by a citizen of the party
B. It's not being done as a condition for the import, distribution, sale, or use of such software, or products containing such software, in its territory"
It would essentially mean software authors could not enforce their copyright against infringers in other party nations if proving infringement required access to the author's or infringer's source code.
Of which part.
I think the part about whether you can compel an owner is cut and dry. It says nothing about compelling owners. Period.
The part about countries being able to make laws about import/export, also very cut and dry. This is very clearly covered.
The part about countries not being able to have courts order source access, yes, is a broad interpretation, but honestly, not inconsistent with how this kind of wording tends to be read by courts.
Even if you cut the last part out, the other two are still very very worrying.
I was going to argue that, but after thinking about it realized I was making the incorrect assumption that the owner of the source code was the only one who could provide said code. Hence my incorrect interpretation.
> The part about countries being able to make laws about import/export, also very cut and dry. This is very clearly covered.
Not challenging that.
> The part about countries not being able to have courts order source access, yes, is a broad interpretation, but honestly, not inconsistent with how this kind of wording tends to be read by courts.
If that is the case, I don't see how any state with a decent technology sector would agree to it, because it would allow party states to basically set themselves up as piracy safe havens.
> Even if you cut the last part out, the other two are still very very worrying.
I don't think the first is worrying at all without the third. To try to extend the meaning of the first to include legal actions taken in copyright infringement cases would be tantamount to scuppering the very protections other parts of the same treaty are trying to enhance.
So you can't (seemingly) require FOSS to access the market at all, but you could compel someone to reveal source for any number of other reasons.
I still don't see how the State would be involved here though...
IE If i get a federal judge to order source code access, do you think I did it, or instead that a party (IE US) just compelled access?
(Hint: The law mostly says the latter ;p. That's why i can get law enforcement to enforce it. Because it's an order of the government, not an order of me)
Now, whether it meets the other conditions for the "no compulsion" part, that depends on the circumstances.
To make a poor analogy, imagine that the law said States can't require people to kneel and kiss a pinky ring in order to enter the State. However, they can require a valid passport, even if in Guilder in order to get a passport you have to kneel and kiss the pinky ring of the King of Guilder.
From my (not a lawyer) reading, it seems to suggest that the government can't forbid the sale of closed-source software.
Also, you don't need a license to use software, which is why the GPL is irrelevant to end users. But I can't see how someone choosing the use GPLed software is doing anything different than downloading the Torque 3d engine, etc. It's freely accessible, but you have to agree to some conditions to legally do certain things with it.
So, just because a piece of legal language can be interpretted a certain way, that does not mean it is likely to prevail in court. In this sort of case, I'd be surprised if any TPP negotiator or representative, or any documentation from the TPP process, will indicate that this language was intended to break the GPL and open source in general.
But that's unrelated to today's GPL situation, because the way the GPL works today is: "I as a copyright holder sue you for copyright infringement because you don't have my permission to my work… by the way, I'll give you permission if you follow these license terms…"
UPDATE--saw you already addressed this at the end of your post. Agreed.
Also, being slapped on is not a problem for a contract. We interact with adhesion contracts every day that are slapped on to things. When you accept a valet ticket for parking it has a contract on the back that you are assenting to by using the service. No negotiation occurs and adhesion contracts are valid contracts.
Since "commercially negotiated" is not a term of art, why do we think the GPL is not one?
CoAs require a weaker party, who has no leverage, and it seemingly need to be for a necessity (as part of the "no choice but to agree").
The GPL is an offer, but in no way precludes authors from accepting other terms for use of their work.
The only way out of this would be to declare car ECUs (or other systems) as "critical infrastructure", the definition of which I'm sure will be subject to many political tug-of-wars once this is implemented.
(unless (car-radio-playing?) ; probably not the owner driving
From a pure financial standpoint, there's no possible way that it isn't cheaper to just measure real emissions than attempt some kind of software analysis for every version of every vehicle on the market.
Furthermore, an agency inspecting source code has absolutely no way to tell whether or not that the source they've been given is actually what's running on a car.
Similar restrictions would severely cripple innovation in cars. Just consider Tesla's autopilot software.
Is there some kind of formal engineering practice they require manufacturers to adhere to?
How are their staff qualified to read the vast variety of languages out there?
I cite these as immediate, obvious roadblocks to verification, regulation, because they're easy and many PLs are something that the vast majority of the software industry are not used to.
If the binaries don't match, then whatever certification the device needs automatically fails and it cannot be sold.
What that means is that later on, if "Something Bad" happens, you are in a position to be certain of what code was running. This makes investigation much easier as there is no chance that the original source code cannot be found when needed later. This does get a bit more complicated with software updates, especially OTA updates.
- Are governments and other regulatory agents going to formally verify compilers?
- Are these agencies going to prevent software from being written that doesn't conform to their rigid standards?
- Many compilers, technologies in use today aren't perfectly deterministic. Optimizations, flags, etc. can all dramatically affect an emitted binary.
- What if I want to use a completely different architecture than a regulatory agency is used to? Am I just not allowed to?
And as you mentioned, updates.
With the ability to do OTA or any other updates, software becomes almost impossible to identify or deal with.
I'm not familiar with exactly what software regulations exist today for the auto industry, but certifications for repeatable software processes (including build and deploy) are nothing new.
The point is that we should trust the industry to do the right thing, but also maintain our ability to double check. Until something like the VW defeat scandal happens it doesn't make sense to invest the resources needed to really dig in.
Updates and cheating can be detected by requiring service stations to pull software from randomly chosen vehicles during annual inspections. In the US we could use the standard highway funding threats to require states to enact such laws.
It's actually the same problem: an extremely complex object is being constructed, a critical failure within which could leave many people nearby injured or dead.
The solution is actually somewhat ingenious: License a small group of people to go analyze such things, let them organize themselves independently, but require them to sign off on the design. It turns out that with their license and livelihood on the line, enough people aren't willing to sign off on terrible, shoddy crap that the system mostly works.
Perhaps it's time that software grew up and became something closer to a real engineering discipline?
Filled with red tape, inaccessibility, limitations?
No thanks. I think we've done a very decent job of self-regulation, licensure and review have fared well for most* life-threatening software systems.
When you have repeatable conditions - software in the tested product can detec that and act differently in these conditions.
That's exactly what happened in VW case.
It's nontrivial to fix the test so that it is still repeatable and hard to fool by company determined to fool it.
I agree, it's not trivial. But, it's not hard either.
It's like weighing someone, you don't need to see their feet, but if you can't then you can't tell if they have both feet on the scale.
I haven't studied it closely to see how narrow those meanings are, but it seems like emissions control software might fall under infrastructure (I also guess that mass market is talking more about shrink wrap software than embedded software, you don't use an ECU in the same way that you use a word processor).
When Peru made a law demanding that the state has access to the source code for that exact purpose, Microsoft was upset, because they didn't want to play by those rules, but also doesn't want to lose that market.
Since when is that a good thing?
At present, "Chinese officials have learned to tackle multinational companies, often forcing them to form joint ventures with [Chinese companies] and transfer the latest technology in exchange for current and future business opportunities"  which is good for China but bad for America. America wants a treaty with China that will stop them doing that.
Personally I'd be surprised if China went for such a deal, regardless of what happens with TPP.
However, given the contents of the treaty, I don't think this exclusion is something that really bothers China.
China wanted in on the WTO bad. Real bad. China doesn't really care about the TPP.
> The TPP means that America will write the rules of the road in the 21st century.
It very much sounds like they’re treating the rest of the world as colonies.
It's been going on a long time. General Butler, who got Medal of Honor twice & led many wars, straight up said in his confession (War is a Racket) they hit countries to enforce American capitalism while pretending it was about liberty, etc. I can also direct you to some resources covering how much people in Iraq and Afghanistan appreciate how America doesn't do imperialism any more. Oh, wait, I don't know any...
This gradient of power reminds of the colony-empire relationship of one entity having might over another. (though not nearly comparable, I used it as hyperbole)
In a good treaty both the US and any partners – like Japan, Singapore, or New Zealand – would get the exact same rights.
These markets are not part of the free trade deal and not subject to ISDS.
He really seems to think that the TPP is a key plank in shoring up American power in Asia.
Which, if it were a better treaty, it might.
I'm not sure I'd want a US company to supply hardware/OS to schools, and not be able to stipulate source code availability in the contract.
I'm not sure if this is the kind of things that this makes illegal -- but I wouldn't be surprised if it is.
TPP is designed to give commercial entities equivalent rights to nation states. That's what the 'Investor-State Dispute Settlement' provisions refer to. Under these provisions a commercial entity could 'steal' Open Source code, without the requirement to release the source code. In effect rendering licenses such as the GPL unenforceable. At the very least it may cause a dilution and hinder the growth of the Open Source sector. Now I wonder whose interests that that would advance and who helped to write such provisions.
ISDS is intended to provide standing for a company from one country to request relief from the government of another country. Without ISDS, the Vietnamese national government could simply take whatever U.S. property is located in Vietnam, and the U.S. company would have no recourse.
So when it says "No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory," Party refers to a government.
It means other countries can not have the software they buy inspected for NSA (or whoever else) planted backdoors.
It also means that countries can not ask for source code in a guarantee that the software will remain useful if the company goes away.
What it does not mean is that those countries will stop pirating software. There's no mechanism for enforcing that.
So a government can still choose to use open source software, and have whoever do whatever consulting on that software, they just can't refuse to allow a proprietary vendor to offer their product for sale.
boom, encryption done wrong!!
Look at PGP, source code is open. Nobody can crack it yet.
But DO we know if Apple is really on "our" side or are they just marketing it? Well, if our governments could see into the code. They could tell us.
And if you tell me. Well there could be some people working for the government that could leak the code. Well then I tell you, just don't hire people who worked for a company for many years as their lead [[something]].
> Not everything in the TPP is bad.
I go by the rule. If it is a big thing and will alter a lot of stuff. It primarily is bad, very very bad. And they got to convince they are doing good.
They could but they never would.
I prefer the more open options.
"No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory."
Or am I misinterpreting that? Does this preclude a government from requiring the use of open source software in some cases? IANAL, but I don't think it precludes government USE of OSS, but I think it means they can not have an open source requirement in a bidding process.
On another note, what IS the purpose of this language in TPP if not a direct attack on open source software?
With all the secrecy one has to try and determine who might have written these clauses (USA multinational corporations presumably) and what the clauses are supposed to achieve (higher profits).
Preventing countries from freely moving away from the strongest capitalist models of software production seems like something that's likely to appear in TPP & TTIP; anything socialist also seems like it's going to be a target.